The article below recently came across my desk, and it is a primer on ransomware. I have unfortunately had to deal with ransomware and, to put it simply, it is awful! Ransomware is on the rise, with more and more variants and threats showing up daily. It doesn't discriminate, from the home user to the business network. Education and redundant security are the only sure way to help combat the rise of ransomware. I have had excellent results using Trend Micro Worry Free Security in combination with offsite backup providers, such as Carbonite. Using these two tools has greatly reduced the risk that my clients face in dealing with ransomware. The article below is from Trend Micro. If you would like a free assessment of your computer or network for vulnerabilities, please contact me here.
Full Citation: https://www.trendmicro.com/vinfo/us/security/news/cybercrime-and-digital-threats/new-ransomware-business-takes-10-percent-cut
B2B Extortion? New Ransomware Business Takes 10 Percent Cut from Its Customers
November 17, 2015
A new ransomware service has been introduced, promising to provide anyone with the means to launch crypto ransomware attacks for a 10 percent cut of the proceeds. Called the CryptoLocker Service, the operation provides customers—even those without advanced technical knowledge or experience—with crypto ransomware that can be configured according to their preferences.
To get CryptoLocker Service’s basic payload, interested customers have to pay an initial US$50. After paying that sum, the customer can specify the amount of ransom money required to decrypt the victim’s files and immediately execute attacks. Once a ransom payment has been made, the collected Bitcoin payments will be automatically forwarded to the customer-designated address—minus the 10 percent commission taken by the service.
Given its characteristics, CryptoLocker Service is slated to be a cheaper resource that could result in an increased number of downloads and infected victims. The ransom can be set by the customer, but Fakben recommends keeping it low—at US$200. For now, the crypto ransomware only affects Windows PCs, but there are plans to develop the malware for other platforms.
The operator, using the handle Fakben, aims to add customized functionality to the malware by using preexisting exploits and potentially targeting vulnerable software such as Adobe and Java. The person behind the venture isn’t new to the cybercrime business: Fakben is a former user of the now-shut-down Evolution (Evo) black market on the Tor network.
The CryptoLocker Service site posted on November 16 that it will launch in one or two days.
Is extortion going B2B? It remains to be seen how this new scheme could affect the threat landscape. Giving practically any would-be criminal the ability to launch their own ransomware operation for a $50 buy-in could result in a sudden rise in ransomware incidents. It's recommended that users always keep backups of their important data. While it can't prevent a ransomware infection, having a backup on hand can make sure that victims don't have to pay up to recover encrypted data. Paying the ransom only encourages more attacks.
For a primer on ransomware, read our 101 on what it is, how it works, and how to defend against it.